Why this matters
Setting up and running a company means sharing genuinely sensitive information with Cosmos: passports and identity documents, proof of address, details of who owns and controls the business, financial information, and sometimes information about where money has come from. Cosmos treats that information as confidential and handles it under a published privacy policy. This article explains, in plain terms, what Cosmos collects, how it is used, who it is shared with, how long it is kept, and how it is protected. Anything here is a summary, and the full privacy policy governs in detail.
Who is responsible for your information
Cosmos is the trading name of Sirius Consulting FZCO, a free zone company in the United Arab Emirates. Sirius Consulting FZCO is the data controller for the information described here, which means it is the entity responsible for how that information is handled. Because Cosmos serves clients in several countries, your information may be protected by more than one data protection law at the same time, including the UAE Personal Data Protection Law, the European Union and United Kingdom GDPR, and Singapore's Personal Data Protection Act. Where more than one applies to the same information, Cosmos applies the standard that gives you the strongest protection.
What Cosmos collects
Cosmos collects only what it needs to provide its services and meet its legal duties. In practice that includes:
Identity information, such as your name, date of birth, nationality and government identifiers
Contact information
Financial information, including, for some engagements, source of funds and source of wealth
Know-your-customer and anti-money-laundering records, including identity documents and the results of verification and screening checks
Beneficial ownership information, meaning who ultimately owns and controls a company
The documents and information you submit when you ask Cosmos to set up or run a company
Technical information about how you use the Cosmos website
Cosmos does not collect information it has no use for, and it asks that you do not send sensitive personal information unless it has specifically been requested.
How your information is used
Your information is used for the purpose you gave it: responding to your enquiry, forming and administering your company, taking payment, carrying out the due diligence the law requires, meeting Cosmos's own legal and regulatory obligations, and keeping you informed. It is not used for unrelated purposes. Cosmos does not sell your personal information to anyone.
A note on artificial intelligence
Cosmos uses artificial intelligence to help draft documents, check compliance information and answer questions. When you use an AI-assisted feature, your input is processed by third-party model providers, currently OpenAI, Anthropic and Mistral AI, and those providers may use it to improve their models. Cosmos does not itself train AI models. For that reason, you should not enter confidential information, or sensitive personal information, into an AI-assisted feature. If you have something confidential to share, send it to the team directly instead.
How your information is protected
Cosmos applies technical and organisational measures to keep your information secure. These include encrypting information both while it travels and while it is stored, restricting access to the people who need it for their role, requiring multi-factor authentication for systems that hold personal information, logging and monitoring access, and backing data up so it can be restored after an incident. Everyone at Cosmos who handles personal information is bound by confidentiality obligations.
Who your information is shared with
Running and forming companies means some information has to be shared, but only with those who need it, and only the part they need. Recipients can include:
Registrars, regulators, tax authorities and other government bodies, where the law or the engagement requires it
Service providers who work on Cosmos's instructions, such as hosting providers, the payment provider Stripe, identity verification and screening providers, and the AI model providers mentioned above
Professional advisers, such as lawyers, accountants and auditors
Banks and corporate services providers, where Cosmos is helping you open an account or establish an entity
Anyone Cosmos is legally required to disclose information to, for example under a court order or a binding request from a regulator
Because Cosmos and its providers operate across borders, your information may be transferred between countries. Where that happens, Cosmos uses transfer protections recognised by the applicable law, such as standard contractual clauses.
How long it is kept
Cosmos keeps your information only as long as it is needed, and some periods are set by law rather than by choice. As a guide, enquiry information where no engagement follows is held for around two years, while the due diligence and identity records of an engaged client are kept for eight years after the engagement ends, because anti-money-laundering rules require it. When information is no longer needed, it is securely deleted or anonymised.
Your rights
Depending on the law that applies to you, you have rights over your information. These may include the right to ask for a copy of it, to have it corrected, to have it deleted, and to object to certain uses. You can also complain to a data protection regulator. Cosmos does not knowingly collect information about anyone under 18.
How to reach the privacy team
To ask a question about your information, or to exercise any of your rights, write to [email protected]. Cosmos asks that rights requests are made in writing, so they can be recorded and handled properly. The full privacy policy, which governs in detail everything summarised here, is published on the Cosmos website. Where you choose where to set up, note that some jurisdictions place company information on a public register and others keep it private; Choosing where to set up covers that point directly.